From: "Stephan Müller" <smueller@chronox.de>
To: Christoph Hellwig <hch@lst.de>, Hannes Reinecke <hare@suse.de>
Cc: Sagi Grimberg <sagi@grimberg.me>,
Keith Busch <keith.busch@wdc.com>,
linux-nvme@lists.infradead.org,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>,
linux-crypto@vger.kernel.org, Hannes Reinecke <hare@suse.de>
Subject: Re: [PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms
Date: Sat, 17 Jul 2021 18:50:19 +0200 [thread overview]
Message-ID: <2097520.Z47m7augs3@positron.chronox.de> (raw)
In-Reply-To: <20210716110428.9727-12-hare@suse.de>
Am Freitag, 16. Juli 2021, 13:04:28 CEST schrieb Hannes Reinecke:
Hi Hannes,
> TLS 1.3 specifies ECDH and curve25517 in addition to the FFDHE
curve25519?
> groups, and these are already implemented in the kernel.
> So add support for these non-standard groups for NVMe in-band
> authentication to validate the augmented challenge implementation.
>
> Signed-off-by: Hannes Reinecke <hare@suse.de>
> ---
> drivers/nvme/host/auth.c | 38 +++++++++++++++++++++++++++++++++++++-
> drivers/nvme/target/auth.c | 23 +++++++++++++++++++++++
> include/linux/nvme.h | 2 ++
> 3 files changed, 62 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
> index 754343aced19..d0dd63b455ef 100644
> --- a/drivers/nvme/host/auth.c
> +++ b/drivers/nvme/host/auth.c
> @@ -10,6 +10,8 @@
> #include <crypto/kpp.h>
> #include <crypto/dh.h>
> #include <crypto/ffdhe.h>
> +#include <crypto/ecdh.h>
> +#include <crypto/curve25519.h>
> #include "nvme.h"
> #include "fabrics.h"
> #include "auth.h"
> @@ -67,6 +69,13 @@ struct nvme_auth_dhgroup_map {
> { .id = NVME_AUTH_DHCHAP_DHGROUP_8192,
> .name = "ffdhe8192", .kpp = "dh",
> .privkey_size = 1024, .pubkey_size = 1024 },
> + { .id = NVME_AUTH_DHCHAP_DHGROUP_ECDH,
> + .name = "ecdh", .kpp = "ecdh-nist-p256",
> + .privkey_size = 32, .pubkey_size = 64 },
> + { .id = NVME_AUTH_DHCHAP_DHGROUP_25519,
> + .name = "curve25519", .kpp = "curve25519",
> + .privkey_size = CURVE25519_KEY_SIZE,
> + .pubkey_size = CURVE25519_KEY_SIZE },
> };
>
> const char *nvme_auth_dhgroup_name(int dhgroup_id)
> @@ -337,7 +346,7 @@ static int nvme_auth_dhchap_negotiate(struct nvme_ctrl
> *ctrl, data->napd = 1;
> data->auth_protocol[0].dhchap.authid = NVME_AUTH_DHCHAP_AUTH_ID;
> data->auth_protocol[0].dhchap.halen = 3;
> - data->auth_protocol[0].dhchap.dhlen = 6;
> + data->auth_protocol[0].dhchap.dhlen = 8;
> data->auth_protocol[0].dhchap.idlist[0] = NVME_AUTH_DHCHAP_HASH_SHA256;
> data->auth_protocol[0].dhchap.idlist[1] = NVME_AUTH_DHCHAP_HASH_SHA384;
> data->auth_protocol[0].dhchap.idlist[2] = NVME_AUTH_DHCHAP_HASH_SHA512;
> @@ -347,6 +356,8 @@ static int nvme_auth_dhchap_negotiate(struct nvme_ctrl
> *ctrl, data->auth_protocol[0].dhchap.idlist[6] =
> NVME_AUTH_DHCHAP_DHGROUP_4096; data->auth_protocol[0].dhchap.idlist[7] =
> NVME_AUTH_DHCHAP_DHGROUP_6144; data->auth_protocol[0].dhchap.idlist[8] =
> NVME_AUTH_DHCHAP_DHGROUP_8192; + data->auth_protocol[0].dhchap.idlist[9]
=
> NVME_AUTH_DHCHAP_DHGROUP_ECDH; + data->auth_protocol[0].dhchap.idlist[10]
=
> NVME_AUTH_DHCHAP_DHGROUP_25519;
>
> return size;
> }
> @@ -889,6 +900,31 @@ static int nvme_auth_dhchap_exponential(struct
> nvme_ctrl *ctrl, }
> chap->host_key_len = pubkey_size;
> chap->sess_key_len = pubkey_size;
> + } else if (chap->dhgroup_id == NVME_AUTH_DHCHAP_DHGROUP_ECDH) {
> + struct ecdh p = {0};
> +
> + pkey_len = crypto_ecdh_key_len(&p);
> + pkey = kzalloc(pkey_len, GFP_KERNEL);
> + if (!pkey)
> + return -ENOMEM;
> +
> + get_random_bytes(pkey, pkey_len);
> + ret = crypto_ecdh_encode_key(pkey, pkey_len, &p);
> + if (ret) {
> + dev_dbg(ctrl->device,
> + "failed to encode pkey, error %d\n", ret);
> + kfree(pkey);
> + return ret;
> + }
> + chap->host_key_len = 64;
> + chap->sess_key_len = 32;
> + } else if (chap->dhgroup_id == NVME_AUTH_DHCHAP_DHGROUP_25519) {
> + pkey_len = CURVE25519_KEY_SIZE;
> + pkey = kzalloc(pkey_len, GFP_KERNEL);
> + if (!pkey)
> + return -ENOMEM;
> + get_random_bytes(pkey, pkey_len);
> + chap->host_key_len = chap->sess_key_len = CURVE25519_KEY_SIZE;
> } else {
> dev_warn(ctrl->device, "Invalid DH group id %d\n",
> chap->dhgroup_id);
> diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c
> index cc7f12a7c8bf..7e3b613cb08b 100644
> --- a/drivers/nvme/target/auth.c
> +++ b/drivers/nvme/target/auth.c
> @@ -13,6 +13,8 @@
> #include <crypto/kpp.h>
> #include <crypto/dh.h>
> #include <crypto/ffdhe.h>
> +#include <crypto/ecdh.h>
> +#include <crypto/curve25519.h>
> #include <linux/crc32.h>
> #include <linux/base64.h>
> #include <linux/ctype.h>
> @@ -498,6 +500,27 @@ int nvmet_auth_ctrl_exponential(struct nvmet_req *req,
> ret);
> goto out;
> }
> + } else if (ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_ECDH) {
> + struct ecdh p = {0};
> +
> + pkey_len = crypto_ecdh_key_len(&p);
> + pkey = kmalloc(pkey_len, GFP_KERNEL);
> + if (!pkey)
> + return -ENOMEM;
> +
> + get_random_bytes(pkey, pkey_len);
> + ret = crypto_ecdh_encode_key(pkey, pkey_len, &p);
> + if (ret) {
> + pr_debug("failed to encode private key, error %d\n",
> + ret);
> + goto out;
> + }
> + } else if (ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_25519) {
> + pkey_len = CURVE25519_KEY_SIZE;
> + pkey = kmalloc(pkey_len, GFP_KERNEL);
> + if (!pkey)
> + return -ENOMEM;
> + get_random_bytes(pkey, pkey_len);
> } else {
> pr_warn("invalid dh group %d\n", ctrl->dh_gid);
> return -EINVAL;
> diff --git a/include/linux/nvme.h b/include/linux/nvme.h
> index 7b94abacfd08..75b638adbca1 100644
> --- a/include/linux/nvme.h
> +++ b/include/linux/nvme.h
> @@ -1476,6 +1476,8 @@ enum {
> NVME_AUTH_DHCHAP_DHGROUP_4096 = 0x03,
> NVME_AUTH_DHCHAP_DHGROUP_6144 = 0x04,
> NVME_AUTH_DHCHAP_DHGROUP_8192 = 0x05,
> + NVME_AUTH_DHCHAP_DHGROUP_ECDH = 0x0e,
> + NVME_AUTH_DHCHAP_DHGROUP_25519 = 0x0f,
> };
>
> union nvmf_auth_protocol {
Ciao
Stephan
next prev parent reply other threads:[~2021-07-17 16:50 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-16 11:04 [RFC PATCH 00/11] nvme: In-band authentication support Hannes Reinecke
2021-07-16 11:04 ` [PATCH 01/11] crypto: add crypto_has_shash() Hannes Reinecke
2021-07-17 6:08 ` Sagi Grimberg
2021-07-16 11:04 ` [PATCH 02/11] crypto: add crypto_has_kpp() Hannes Reinecke
2021-07-17 6:08 ` Sagi Grimberg
2021-07-16 11:04 ` [PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters Hannes Reinecke
2021-07-17 6:14 ` Sagi Grimberg
2021-07-17 13:57 ` Hannes Reinecke
2021-07-17 15:03 ` Stephan Müller
2021-07-18 12:22 ` Hannes Reinecke
2021-07-16 11:04 ` [PATCH 04/11] lib/base64: RFC4648-compliant base64 encoding Hannes Reinecke
2021-07-17 6:16 ` Sagi Grimberg
2021-07-17 14:00 ` Hannes Reinecke
2021-07-17 14:12 ` Eric Biggers
2021-07-17 14:20 ` Eric Biggers
2021-07-16 11:04 ` [PATCH 05/11] nvme: add definitions for NVMe In-Band authentication Hannes Reinecke
2021-07-17 6:30 ` Sagi Grimberg
2021-07-17 14:04 ` Hannes Reinecke
2021-07-20 20:26 ` Vladislav Bolkhovitin
2021-07-16 11:04 ` [PATCH 06/11] nvme: Implement " Hannes Reinecke
2021-07-17 7:22 ` Sagi Grimberg
2021-07-18 12:21 ` Hannes Reinecke
2021-07-19 8:47 ` Sagi Grimberg
2021-07-20 20:28 ` Vladislav Bolkhovitin
2021-07-21 6:12 ` Hannes Reinecke
2021-07-17 16:49 ` Stephan Müller
2021-07-18 12:43 ` Hannes Reinecke
2021-07-18 12:47 ` Stephan Müller
2021-07-20 20:27 ` Vladislav Bolkhovitin
2021-07-21 6:08 ` Hannes Reinecke
2021-07-21 12:10 ` Vladislav Bolkhovitin
2021-07-16 11:04 ` [PATCH 07/11] nvme-auth: augmented challenge support Hannes Reinecke
2021-07-17 16:49 ` Stephan Müller
2021-07-18 12:27 ` Hannes Reinecke
2021-07-18 12:57 ` Stephan Müller
2021-07-19 9:21 ` Sagi Grimberg
2021-07-20 13:12 ` Hannes Reinecke
2021-07-16 11:04 ` [PATCH 08/11] nvmet: Parse fabrics commands on all queues Hannes Reinecke
2021-07-19 9:21 ` Sagi Grimberg
2021-07-16 11:04 ` [PATCH 09/11] nvmet: Implement basic In-Band Authentication Hannes Reinecke
2021-07-17 16:49 ` Stephan Müller
2021-07-18 12:37 ` Hannes Reinecke
2021-07-18 12:56 ` Stephan Müller
2021-07-19 8:15 ` Hannes Reinecke
2021-07-19 8:51 ` Stephan Mueller
2021-07-19 9:57 ` Hannes Reinecke
2021-07-19 10:19 ` Stephan Mueller
2021-07-19 11:10 ` Hannes Reinecke
2021-07-19 11:52 ` Stephan Mueller
2021-07-19 12:08 ` Hannes Reinecke
2021-07-20 10:14 ` Hannes Reinecke
2021-07-20 10:49 ` Simo Sorce
2021-07-20 11:31 ` Hannes Reinecke
2021-07-20 14:44 ` Simo Sorce
2021-07-20 14:47 ` Stephan Mueller
2021-07-23 20:02 ` Vladislav Bolkhovitin
2021-07-18 13:26 ` Herbert Xu
2021-07-19 20:38 ` Sagi Grimberg
2021-07-20 6:08 ` Hannes Reinecke
2021-07-16 11:04 ` [PATCH 10/11] nvmet-auth: implement support for augmented challenge Hannes Reinecke
2021-07-17 16:49 ` Stephan Müller
2021-07-18 12:25 ` Hannes Reinecke
2021-07-16 11:04 ` [PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms Hannes Reinecke
2021-07-17 16:50 ` Stephan Müller [this message]
2021-07-18 12:44 ` Hannes Reinecke
2021-07-19 9:23 ` Sagi Grimberg
2021-07-19 9:56 ` Hannes Reinecke
2021-07-17 6:06 ` [RFC PATCH 00/11] nvme: In-band authentication support Sagi Grimberg
2021-07-19 10:02 ` Simo Sorce
2021-07-19 11:11 ` Hannes Reinecke
2021-07-20 20:26 ` Vladislav Bolkhovitin
2021-07-21 6:06 ` Hannes Reinecke
2021-07-21 12:10 ` Vladislav Bolkhovitin
2021-07-23 20:02 ` Vladislav Bolkhovitin
2021-07-24 11:17 ` Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2097520.Z47m7augs3@positron.chronox.de \
--to=smueller@chronox.de \
--cc=davem@davemloft.net \
--cc=hare@suse.de \
--cc=hch@lst.de \
--cc=herbert@gondor.apana.org.au \
--cc=keith.busch@wdc.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).